Location
Online
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2023 12:00 AM
End Date
7-1-2023 12:00 AM
Description
In this study, we use a semi-supervised natural language processing (NLP) methodology to assess cybersecurity strategy of firms based on their 10-K filings. Adapted from the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST), five distinct cybersecurity strategies, namely identification, protection, detection, response, and recovery, are measured annually. We find evidence that cybersecurity identification strategy is positively and significantly associated with firm market value. For those firms experienced a cyberattack in the past, disclosing cybersecurity protection strategy is not positively assessed by the market. This paper makes contribution to the literature on cybersecurity by identifying the cyber strategies disclosed in 10-K reports using textual analysis, which can be used in future cyber studies. We further show empirical evidence of how market reacts to different strategies, which have valuable implications for industry as to how to better manage cyber risk.
Recommended Citation
Cao, Rui; Kafaee, Özüm; Aziz, Arslan; and Cavusoglu, Hasan, "Market Reaction to Cyber Strategy Disclosure: Word Embedding Derived Approach" (2023). Hawaii International Conference on System Sciences 2023 (HICSS-56). 4.
https://aisel.aisnet.org/hicss-56/os/cybersecurity/4
Market Reaction to Cyber Strategy Disclosure: Word Embedding Derived Approach
Online
In this study, we use a semi-supervised natural language processing (NLP) methodology to assess cybersecurity strategy of firms based on their 10-K filings. Adapted from the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST), five distinct cybersecurity strategies, namely identification, protection, detection, response, and recovery, are measured annually. We find evidence that cybersecurity identification strategy is positively and significantly associated with firm market value. For those firms experienced a cyberattack in the past, disclosing cybersecurity protection strategy is not positively assessed by the market. This paper makes contribution to the literature on cybersecurity by identifying the cyber strategies disclosed in 10-K reports using textual analysis, which can be used in future cyber studies. We further show empirical evidence of how market reacts to different strategies, which have valuable implications for industry as to how to better manage cyber risk.
https://aisel.aisnet.org/hicss-56/os/cybersecurity/4